Symantec Mail Security for Microsoft Exchange 6.5.0 experiences virus definition loading failure due to rollback failure resulting in the Exchange server beeping and Windows Events: 110, 168, 68, and 167

Article:TECH132624  |  Created: 2010-01-20  |  Updated: 2014-07-14  |  Article URL http://www.symantec.com/docs/TECH132624
Article Type
Technical Solution


Issue



Symantec Mail Security for Microsoft Exchange (SMSMSE) has trouble loading new virus definitions. Issues may include mail flow slowdowns or stopping and event ID 110, 167, 168 and 68 being written to the application event log.

Symptoms
Symptoms will be identical to those described in this document:'The Exchange server is beeping, and / or you are getting the following SMSMSE events: 110, 168, 68, and 167, in Windows Application Event log.'

  • If an upgrade has occurred you notice an increase in the number of times virus definitions become corrupted, resulting in stoppages of mail flow, and event ID 110, 167, 168 and 68 being written to the application event log.
  • You may also see a virus definition date in the SMSMSE console of 1/1/1601

Conditions

  • SMSMSE build number is 6.5.x.
    To verify build number perform the following steps:

    1. Open the SMSMSE Administration Console.
    2. Click Help -> About.
  • An excessive number of folders with names similar to VirusDefs0000000XXX located in the SMSMSE virus definitions directory.
    1. Open Windows explorer on the SMSMSE computer.
    2. Open the following folder:
      32-bit Systems
        C:\Program Files\Common Files\Symantec Shared\Definitions\AntiVirus

      64-bit Systems
        C:\Program Files (x86)\Common Files\Symantec Shared\Definitions\AntiVirus

    3. If this directory contains more than 3 folders with this naming convention then this condition is met.

 


Cause



When SMSMSE receives a new virus definition set it tries to load them. If SMSMSE is unable to use the new virus definition set then it attempts to roll back to a previous version of the virus definitions. SMSMSE is unable to roll back and this issue occurs. The roll back functionality is not functioning as expected.


Solution



This problem is fixed in Symantec Mail Security 6.5.1 for Microsoft Exchange. To download the latest release, read Obtaining an update or an upgrade for a Symantec Corporate product.

 

Workaround

NOTE: All file paths will be in Program Files (x86) on 64 bit systems

Run Rapid Release definitions in SMSMSE.

  1. Open SMSMSE.
  2. Click Admin > LiveUpdate/Rapid Release Status.
  3. Click Run Rapid Release Definitions (via FTP)

Stop the SMSMSE service

  1. Click Start > Run.
  2. Type:  net stop smsmse

Clear the existing definitions from SMSMSE to allow SMSMSE to process new definitions

  1. Remove VirusDefs0000000x folders from C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus (where 'x' is a number). 
  2. Remove all files from C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming. 
  3. Copy all files from the latest definition folder to C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.

NOTE: The latest definition folder can be found in

  • 32 bit:  C:\Program Files\Common Files\Symantec Shared\VirusDefs\
  • Server 2003 64 bit:  C:\Program Files (x86)\Common files\Symantec Shared\SymcData\virusdefs32
  • 64 bit:  C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32

For example, copy all files from C:\Program Files\Common Files\Symantec Shared\VirusDefs\2010XXXX.XXX to C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.

Start the SMSMSE service

  1. Click Start > Run.
  2. Type: net start smsmse

When the service starts up, SMSMSE will read the definition files from the incoming folder and create a new virus definition folder under the Antivirus folder. For example, a folder, A VirusDefs00000001 is created in C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus.

 

 


 


Supplemental Materials

SourceETrack
Value2036758 2015143

Legacy ID



2010052016073054


Article URL http://www.symantec.com/docs/TECH132624


Terms of use for this information are found in Legal Notices